Read: June 2023
Inspiration: Came across on Amazon’s bestseller list; interested to learn more about hacking in the early days of the Internet
Below is a brief summary, written with the help of ChatGPT, of what the book covers.
“Ghost in the Wires”, published in 2012 by author and convicted hacker Kevin Mitnick, is an enthralling memoir that chronicles the life of the world’s most notorious hacker. Mitnick details his journey from being a curious teenager exploring early computer systems to becoming a formidable cybercriminal pursued by law enforcement agencies worldwide. The book offers a gripping account of Mitnick’s cat-and-mouse game with the FBI, as he eluded capture by constantly changing identities and using sophisticated social engineering techniques. Mitnick’s narrative provides insights into the vulnerabilities of computer systems and the human factor in cybersecurity breaches. “Ghost in the Wires” is a captivating story of redemption, as Mitnick eventually uses his skills for good, becoming a respected cybersecurity consultant and helping organizations protect against cyber threats.
Direct from my original book log, below are my unedited notes (abbreviations and misspellings included) to show how I take notes as I read.
Kevin naturally drawn to computers but first was magician that appealed to his interests, liked concept of “social engineering”–mirroring people to get what you want, developed strong social skills, always acted out and in high school would mess with radio waves, steal passwords, innocent things, at 17 entered a telephone company central building and barely got out without arrest, would redirect calls (“phone phreaker”), lots of pranks, continue to learn how to program and manipulate tech, developed method for extracting more and more info from people, police departments, DMVs, etc, more likely to get desired info if present wrong info vs broadly asking (e.g., is code 4462 vs. what is the code), poeple will correct you if you attempt more likely, phone phreakers hack into telecom systems early in phone era and divert call to diff lines, forward to wherever, would hack for free calls, at 17 GTE (the telephone company) caught on and terminated service and begin file on Kevin as he continue antics, 1980 went to college but dropped after 1 year—knew more than college knew, 1980 had no computer crime laws, still 17 in 1981 at UCLA arrested for hacking (new law in CA) but no charge, Kevin continue to hack for learning, got away from it a bit but had trouble keeping jobs with track record, multiple arrests and parole, people very wary of sharing info with him and Kevin enjoyed hacking employer tech (not malicious but simply out of his own interest), consistently on FBI watchlist, many claims made about the extent of his hacking—was on newspapers as “darkside hacker”, frequently overstated, Kevin’s strong suit was taking advantage of people’s willingness to help and his knowledge of lingo required to have credibility, cat and mouse game with FBI as they tap Kevin and Kevin tap them to learn what they know, constantly bewilder FBI with techniques and ability to access confidential info, fell into FBI agent plot to collaborate with a “hacker” Eric Heinz who was a fake 
identity, Kevin sniff it out but too late and had to cover tracks, dec 1992 got off supervised parole from earlier crimes but shortly after, confronted by FBI at Kinko’s (Kevin user Kinko’s to double fax papers to avoid tracing), Dec 1992 then go on the run—use Eric Weiss as name which was Harry Houdini’s real name, Kevin had hacked into DMV which gave him tons of info to work with, success in Denver with new life with new social security, license, bank accounts, leverage database of coroner’s office to ensure took on proper identity, joined law firm but kept up hacking habits, got bored often and set sights on Motorola which was smartphone company on cutting edge—toughest yet, had been hacked into cell companies in Denver to ensure alerted if any FBI calls from LA to Denver or elsewhere, got source code for motorola’s new small phone via social engineering (was early 90s), hacked into Novell (telco) but was being logged by suspicious security team, go for Nokia as Novell watching ramp, want Nokia source code for latest device but again as go to great lengths to get copy—FBI at hotel (which Kevin sniffed out ahead of time, would call hotel as FBI agent and ask what was happening and got details from hotel manager), also target NEC (massive tech company) and easily got source code for their latest cell phone, consistent method of calling various office posing as IT or Engineer with a problem or inconvenience requiring certain logins so then could hack and set up backdoors, or call employees and pose as IT to get their credentials and go from there to set up backdoors and own ghost logins, was transferring files to server at USC but was monitored as someone at USC noticed server storage being used without accounting for it, 1994 a bunch of cell company execs had meeting with FBI to discuss all had source code lifted, all perplexed as assume Kevin working for someone when really just for the challenge, spring 1994 fired from law firm not for a real reason but b/c saw 
he was busy on cell and pc a lot so assumed doing indep client work, nervous Kevin would sue so tried to dig up legit reason and began asking questions/found Eric Weiss did not exist, to Seattle as Brian Merrill next (couldn’t stay in Denver even with new identity given risk of coworkers), turned out a journalist was writing book on Kevin as well at the time, very first day in Seattle NYT article on Kevin published—cyberspace’s most wanted and eluding FBI written by John Markoff whom Kevin denied bookwriting 5 years prior, painted myth of Kevin, hack FBI and NORAD which not true but ultimately made Kevin top FBI priority and influence prosecutor’s view of him, busted in Seattle so take on identity as Michael and back to Denver, Christmas 1994 conduct IP spoofing hack on Shimmy a security expert—IP spoofing was theoretical to that point but Israeli hacker enable Kevin to do it to hack into Shimmy server, Feb 14 1995 caught in Raleigh apartment and identified via old pay stub left in old ski coat with Mitnick name, charged on 23 counts of fraud with max 460 years, painted in media as evil mastermind/massive threat, gvt prosecute very aggressively—put in solitary, think hacked gvt agencies/CIA, offered plea deal of 8 years but nonbinding so judge could decide worse and also pay millions which didn’t have, Sept 1996 indicted by LA grand jury on 25 counts after held for 18 months, no one on Kevin’s side (even own legal team), judge deny right to bail hearing, deny right to review evidence as judge worry Mitnick at computer since evidence was electronic would be a risk (though not even possible to get internet connection), treated as a magician, guards turn badges so he couldn’t see their name as if he could do something, myth was powerful force, blamed for all major hacks/issues with no one to blame, FBI claim $300mm in damages by trying to est value of source code which was absurd, found precedent case where hacking for curiosity let free but prosecutors say would make 
Mitnick miserable with trials in new jurisdictions and hold without bail, so Mitnick take a plea March 1999—harsh, no tech for 3 years at all, only pay $4k in fines, but better than constant trials despite weakening of gvt case, Jan 2000 released from prison, March 2000 testify to Senate committee on cspan, spark speaking career, asked to do lots of consultant type work for companies and tv shows, security firms want on board, went on talk shows, people wanted insight, given radio show later in 2000